III Simposio Español de Comercio Electrónico, pp. 95-104, June, 2005.
Los sistemas electrónicos de pago permiten que un comprador adquiera a un vendedor una serie de productos y servicios de forma virtual. Sin embargo, estos sistemas no tienen en cuenta el escenario en el que un comprador se convierte en donante, accediendo al servicio de forma gratuita. En este artículo se presenta el concepto y características de las microdonaciones, o la donación de cantidades tan pequeñas como un céntimo de euro en el contexto del comercio electrónico. También se muestra como la microdonación es algo necesario en el contexto actual de Internet, y como es posible su implementación basándose en sistemas de micropago.
Computer Networks, vol. 57, Elsevier, pp. 2266–2279, July 2013. DOI (I.F.: 1.282)
In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.
5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS’08), IEEE, pp. 796-801, September, 2008. DOI
An out-of-band (OoB) channel can be defined as an extra channel, different from the main wireless channel, that has additional security properties. They are specially suitable for protecting spontaneous interactions and exchanging sensitive data between previously unknown devices. Due to the vulnerable nature of wireless sensor networks (WSN), these kind of channels might be useful for protecting certain sensor network operations. In this paper we analyze the applicability of out-of-band channels to wireless sensor networks, and specify why an optical channel should be a good candidate for implementing an extra channel in sensor nodes. Also, we analyze how the existing security threats may affect this type of channel. Finally, the suitability and usability of optical channels for sensor networks is demonstrated by means of a prototype.
V Jornadas de Ingenería Telemática (JITEL’05), pp. 335-343, Septiembre, 2005.
The design and development of security infrastructures and protocols for Wireless Sensor Networks is a difficult task, due to several factors like the constraints of the sensor nodes and the public nature of the communication channels. The intrinsic features of these networks create numerous security problems. In this paper, we analyze and put into perspective those problems.
IEEE Internet of Things Journal, vol. 6, issue 3, IEEE Computer Society, pp. 4774-4781, 06/2019. DOI (I.F.: 9.936)
The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.
Computers & Electrical Engineering, vol. 37, Elsevier, pp. 147-159, Mar 2011. DOI (I.F.: 0.837)
If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.
European PKI Workshop: Theory and Practice (EuroPKI’07), LNCS 4582, Springer, pp. 313-320, June, 2007. DOI
Wireless Sensor Networks (WSN) are becoming a key technology in the support of pervasive and ubiquitous services. The previous notion of PKC is too expensive for WSN has changed partially due to the existence of new hardware and software prototypes based on Elliptic Curve Cryptography and other PKC primitives. Then, it is necessary to analyze whether it is both feasible and convenient to have a Public Key Infrastructure for sensor networks that would allow the creation of PKC-based services like Digital Signatures.
20th IFIP International Information Security Conference (IFIP-SEC’05), R. Sasaki, S. Qing, E. Okamoto, and H. Yoshiura Eds., Springer, pp. 281-294, May, 2005.
Spam turns out to be an increasingly serious problem to email users. A number of anti-spam schemes have been proposed and deployed, but the problem has yet been well addressed. One of those schemes is challenge-response, in which a challenge is imposed on an email sender. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service attacks. In this paper, we introduce a pre-challenge scheme that avoids those problems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver’s email address and challenge before sending an email in the first contact. Some new mechanisms are employed to reach a good balance between security against spam and convenience to email users.
Security and Privacy in Mobile and Wireless Networking, S. Gritzalis, T. Karygiannis, and C. Skianis Eds., Troubador Publishing Ltd, pp. 105-128, 2009.
The concept of trust has become very relevant in the late years as a consequence of the growth of fields such as internet transactions or electronic commerce. In general, trust has become of paramount importance for any kind of distributed networks, such as wireless sensor networks (WSN in the following). In this chapter of the book, we try to give a general overview of the state of the art on trust management systems for WSN and also try to identify the main features of the architectures of these trust management systems.
Computer Communications, vol. 29, no. 15, Elsevier, pp. 2739-2749, 2006. DOI (I.F.: 0.444)
Unsolicited Commercial Email, or Spam, is nowadays an increasingly serious problem to email users. A number of anti-spam schemes have been proposed in the literature and some of them have been deployed in email systems, but the problem has yet been well addressed. One of those schemes is challenge-response, in which a challenge, ranging from a simple mathematical problem to a hard-AI problem, is imposed on an email sender in order to forbid machine-based spam reaching receivers’ mailboxes. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service. In this paper, we introduce the pre-challenge scheme, which is based on the challenge-response mechanism and takes advantage of some features of email systems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver’s email address and challenge before sending an email in the first contact. Some new mechanisms are employed in our scheme to reach a good balance between security against spam and convenience to normal email users. Our scheme can be also used for protecting other messaging systems, like Instant Messaging and Blog comments.
IEEE Computer, vol. 51, issue 7, IEEE Computer Society, pp. 16-25, 07/2018. DOI (I.F.: 3.564)
5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11), IEEE, March, 2011. DOI
Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.
1st International Conference on Autonomic Computing and Communication Systems (Autonomics’07), ICST, October, 2007.
Research on trust management systems for wireless sensor networks is still at a very early stage and few works have done so far. It seems that for those works which deal with the topic general features of how these systems should be are not clearly identified. In this paper we try to identify the main features that a trust management system should have and justify their importance for future developments.
Computational Science and Its Applications (ICCSA’05), LNCS 3482, Springer, pp. 681-690, May, 2005. DOI
Wireless Sensor Networks are extremely vulnerable against any kind of internal or external attacks, due to several factors such as resource-constrained nodes and lack of tamper-resistant packages. As a result, security must be an important factor to have in mind when designing the infrastructure and protocols of sensor networks. In this paper we survey the state-of-the-art security issues in sensor networks and highlight the open areas of research.security issues in sensor networks and highlight the open areas of research.
3rd CompanionAble Workshop - Future Internet of People, Things and Services (IoPTS) eco-Systems, xxxx, pp. xxxx, December, 2009.
Wireless sensor networks are considered as an integral part of the Internet of Things paradigm. Not only they provide a virtual presence to elements of the real world, but also allow any computationalsystem to know about the physical state of those elements thanks to the use of embedded sensors. In order to belong to the Internet of Things, the elements of a sensor network can implement Internet protocols and services such as the TCP/IP stack and web services. Still, a question that must be raised at this point of time is whether all sensor network applications should be completely integrated into the Internet or not. The purpose of this paper is to analyze this question, reviewing the challenges and security requirements of Internet-enabled sensor networks.
IEEE Consumer Communications & Networking Conference (CCNC 2006), IEEE, pp. 640-644, January, 2006. DOI
The research of Intrusion Detection Systems (IDS) is a mature area in wired networks, and has also attracted many attentions in wireless ad hoc networks recently. Nevertheless, there is no previous work reported in the literature about IDS architectures in wireless sensor networks. In this paper, we discuss the general guidelines for applying IDS to static sensor networks, and introduce a novel technique to optimally watch over the communications of the sensors’ neighborhood on certain scenarios.
Future Generation Computer Systems, vol. 78, issue 1, Elsevier, pp. 680-698, 01/2018. DOI (I.F.: 5.768)
For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.
IEEE Computer, vol. 44, no. 9, IEEE, pp. 51 -58, Sept 2011. DOI (I.F.: 1.47)
This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.
Wireless Sensor Network Security, J. Lopez, and J. Zhou Eds., IOS Press, 2008.
Security has been proven a crucial factor in the provision of data services and especially in the computer-related environments. While wired and wireless networks come to all sectors of everyday life, security tries to satisfy the growing needs for confidentiality, integrity and non-repudiation. There are many instances of security primitives and each one of them has different requirements in terms of processing power, word size, etc. Therefore, it is important to review the functionality of the less resource-demanding encryption algorithms in order to analyze their theoretical suitability to the existent sensor node hardware. Still, the constraints inherent to the sensor nodes advise against the total dependence on software-based implementations, even more in the case of expensive primitives.
V Jornadas de Ingeniería Telemática (JITEL’05), pp. 375-382, September, 2005.
Spam is considered to be one of the biggest problems in messaging systems. In the area of email Spam, A high number of anti-spam schemes have been proposed and deployed, but the problem has yet been well addressed. In this paper, we introduce a new scheme, called pre-challenge scheme, which avoids problems that exists in other schemes such as delay of service and denial of service. Some new mechanisms are employed to reach a good balance between security against Spam and convenience to email users. In addition, our scheme can be used for protecting other types of messaging systems, such as Instant Messaging (IM) and Blogs, against Spam.
Internet Research, vol. 19, no. 2, Emerald, pp. 246-259, Mar 2009. DOI (I.F.: 0.844)
Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.
Information Security Technical Report, vol. 12, no. 1, Elsevier, pp. 24-31, 2007. DOI
Critical Infrastructures, such as energy, banking, and transport, are an essential pillar to the well-being of the national and international economy, security and quality of life. These infrastructures are dependent on a spectrum of highly interconnected information infrastructures for their smooth, reliable and continuous operation. The field of protecting such Critical Information Infrastructures, or CIIP, faces numerous challenges, such as managing the secure interaction between peers, assuring the resilience and robustness of the overall system, and deploying warning and alert systems, amongst others. In this tapestry of CIIP, Wireless Sensor Networks can be used as an invaluable tool due to their intelligent distributed control capabilities, alongside with their capability to work under severe conditions. In this paper, we justify why Wireless Sensor Networks technology is suitable for providing security for these scenarios, describing both their advantages and research issues and their role in the overall scheme of protecting the Critical Information Infrastructures.
International Journal of Computer Systems Science & Engineering, vol. 3, CRL Publishing, pp. 185-192, 2005. (I.F.: 0.119)
Virtual Private Networks (VPNs) provide a cost-effective way for securing communications using public and insecure networks like the Internet. The main purpose of a VPN is to securely and transparently connect two or more remote networks to form virtually a single network, using centralized security policies for better management and protection. However, in certain scenarios, users may not require such a transparent access to the resources within their networks, but only want temporary secure access to internal services based on their own demands. We call the network architecture with such a feature as Casual VPN. In this paper, we present the notion of Casual VPN, and explain why traditional VPN architectures and protocols are unable to offer Casual VPN services. We also propose and define the operation of a particular Casual VPN architecture, C-VPN, which additionally allows the management of TCP and UDP-based protocols.
Information Systems Frontiers, vol. 14, Springer, pp. 527-540, July 2012. DOI (I.F.: 0.851)
Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from any location and with any device. The purpose of this article is twofold. First, we introduce the Feel@Home system, whose main objective is to enable the previously mentioned vision of an ubiquitous digital personal life. Second, we describe the security architecture of Feel@Home, analyzing the security and privacy requirements that identify which threats and vulnerabilities must be considered, and deriving the security building blocks that can be used to protect both IMS-based and VPN-based solutions.
IEEE Communications Magazine, vol. 46, no. 4, IEEE, pp. 102-107, April, 2008. DOI (I.F.: 2.799)
A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.
Simposio sobre Computación Ubicua e Inteligencia Ambiental (UCAmI’05), pp. 113-120, September, 2005.
Los sistemas de detección de intrusiones (IDS) son una herramienta imprescindible de seguridad a la hora de proteger una red. Recientemente se han investigado y desarrollado arquitecturas de IDS para redes inalámbricas, en concreto para redes "Ad Hoc". No obstante, no existe un trabajo previo que desarrolle una arquitectura de IDS para una red de sensores. En este artículo, analizamos porque los sistemas IDS de redes "Ad Hoc" no pueden aplicarse a redes de sensores, e introducimos una arquitectura de IDS para redes de sensores que incorpora una nueva técnica para vigilar las comunicaciones de la red en ciertos escenarios.
Wireless Communications and Mobile Computing, vol. 11, Wiley, pp. 267-276, 2011. DOI (I.F.: 0.884)
The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.
Mobile Networks and Applications, vol. 12, no. 4, Springer, pp. 231-244, August, 2007. DOI (I.F.: 0.586)
In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.